Director Cyber Security, Threat & Vulnerability

About the position

The Director of Vulnerability & Threat Management leads MGM Resorts International's Cyber Security program, overseeing vulnerability management, threat intelligence, offensive security, penetration testing, and SSDLC. This role ensures compliance with security standards across all technology domains and maintains an information security framework aligned with evolving threats and regulatory requirements. The Director leads a high-performing team, delivers timely, effective security services, and collaborates across IT, digital, and data teams to implement resilient, enterprise-wide security solutions.

Responsibilities

• Lead vulnerability management efforts, including detection, containment, policy enforcement, and remediation.
• Oversee penetration testing and tabletop exercises with Incident Response and engineering teams.
• Collaborate with development teams to integrate SSDLC and 'shift left' security practices.
• Manage and mentor a security team, setting expectations, developing skills, and fostering a high-performance culture.
• Ensure effective task delegation, workload prioritization, and incident response processes.
• Conduct forensic investigations and support legal teams with technical reporting and incident analysis.
• Stay current on threats, vulnerabilities, and cybersecurity regulations.
• Deliver employee training on cyber threats, security best practices, and incident reporting.

Requirements

• 7+ years of cybersecurity experience with a strong focus on vulnerability management and threat mitigation.
• Bachelor's Degree.
• Proven track record of leading and managing high-performing security teams.
• Deep expertise in vulnerability management methodologies, policies, and tools.
• Strong knowledge of incident response frameworks such as NIST CSF and industry best practices.
• Hands-on experience in offensive security operations, penetration testing, and Red Team development.
• Solid understanding of Secure Software Development Lifecycle (SSDLC) and 'Shift Left' principles.
• Strong analytical and problem-solving skills for investigating security incidents and identifying root causes.
• Effective communicator with the ability to collaborate across technical and non-technical teams.
• Experience supporting legal teams on cybersecurity matters and contributing to incident documentation and analysis.
• Demonstrated ability to integrate security practices into the development lifecycle and detect issues early.

Benefits

• Prioritize your wellness, access programs crafted to nurture your mental and physical health.
• Enjoy unbeatable discounts on hotel stays, dining, retail, entertainment, and exclusive partner perks for travel, tech, and beyond!
• Savor delicious meals for free in our employee dining room.
• Park with ease-whether you're on or off shift, it's free!
• From healthcare to financial support and generous time-off options, we've got you covered.
• Elevate your career with development programs, connect through networking events, and make a difference with community volunteer opportunities.